Breaking into my 2wire 2701HG-G router

Hi Backtrack users,

I have a 2wire 2701HG-G router (router+modem) and I am trying to have access to the advanced management panel. Let me explain.

This router comes from my ISP (and I bought it, not rented). There is a basic administration panel that I have access to where I can forward ports, set up my WiFi, remote access and more. This panel is available at my gateway address through HTTP.

There's also another administration panel (more advanced) allowing me to bridge connections, increase WiFi signal power, block websites and even more. This panel is available at a hidden URL ( http://192.168.1.254/mdc ), but it requires a password (serial number according to the label). I tried the one on my box and it isn't working. 2wire have a couple of keys on their site, but I tried them all. Not working.

Also, I found that my router is accessible remotely by default. This option can only be turned on from the "advanced" panel. It's available through SSL, port 50001. The protection there is an .htaccess.

I'm a bit pissed off to have all these functions unavailable. I read a lot on the Internet, and nobody seems to have accessed this "advanced" panel. The only way to do so (that I found) is to flash the firmware using a firmware from another company (since the 2701HG-G is not available on the Internet). The bad thing about that is that the firmware isn't for this exact model, leaving some functions behind and probably making the router a bit unstable in some cases.

I contacted the tech support of my ISP (Bell Canada) and they don't want to help me out. They told me they don't have this information, but they sure do. They can reboot remotely any router they sold, and the only way they could is through this "backdoor".

The good thing about cracking the HTTP form is that I only have to find the password, so only 1 field to have good. The bad thing is that the router's reply after a request is really slow.

The good thing about cracking the .htaccess is that it's kind of fast (3000 tries per minute). The bad thing is that if I have the wrong login, I have to start all over again. I guessed the login to be admin or root.